[1668] in bugtraq
Re: sniffers
daemon@ATHENA.MIT.EDU (der Mouse)
Tue May 2 10:54:10 1995
Date: Tue, 2 May 1995 07:56:20 -0400
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
To: bugtraq@fc.net

>> These are all good ideas, however many sniffers are not Unix systems
>> that can be logged into and examined. I have worked with DOS based
>> sniffers (Network General Sniffer, Excelan, HP, etc) that are far
>> superior to Suns (as sniffers/protocol analyzers) and I doubt that
>> they are easily detectable even with their transmit lead intact.

> I don't think the machine you run sniffer software on could make it
> better or worse, they all get the same packets;)

Not quite. Some machines designed as sniffers / network analyzers have
special network interfaces that let them see things like packets with
Ethernet CRC checksum errors, runts, giants, etc - stuff that most
Ethernet interfaces either silently drop or just report the existence
of.

Also, the software on a dedicated machine has usually received a lot
more attention to making it useful than the network sniffing software
on a general-purpose machine. (Unfortunately, it generally is also
completely fixed - you get what someone else thinks is useful, with no
way to modify it to do what _you_ want done.)

der Mouse
mouse@collatz.mcrcim.mcgill.edu